FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2026-03-03 16:31:49 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
df33c83b-eb4f-11f0-a46f-0897988a1c07	mail/mailpit -- Server-Side Request Forgery Mailpit author reports: A Server-Side Request Forgery (SSRF) vulnerability exists in Mailpit's /proxy endpoint that allows attackers to make requests to internal network resources. The /proxy endpoint allows requests to internal network resources. While it validates http:// and https:// schemes, it does not block internal IP addresses, allowing attackers to access internal services and APIs. Discovery 2026-01-06 Entry 2026-01-06 mailpit < 1.28.1 CVE-2026-21859 https://github.com/axllent/mailpit/security/advisories/GHSA-8v65-47jx-7mfr

VuXML ID

Description

df33c83b-eb4f-11f0-a46f-0897988a1c07

mail/mailpit -- Server-Side Request Forgery

Mailpit author reports:

A Server-Side Request Forgery (SSRF) vulnerability exists in Mailpit's /proxy endpoint that allows attackers to make requests to internal network resources.

The /proxy endpoint allows requests to internal network resources. While it validates http:// and https:// schemes, it does not block internal IP addresses, allowing attackers to access internal services and APIs.

Discovery 2026-01-06
Entry 2026-01-06
mailpit

< 1.28.1

CVE-2026-21859
https://github.com/axllent/mailpit/security/advisories/GHSA-8v65-47jx-7mfr